Lucene search
K

8 matches found

EUVD
EUVD
added 2026/05/28 5:59 a.m.11 views

EUVD-2026-32726

A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...

7CVSS6AI score0.00547EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.16 views

PT-2026-44197

Name of the Vulnerable Software and Affected Versions RPM affected versions not specified Description A command injection issue exists in the rpmuncompress utility. When extracting ZIP, 7z, or GEM archive formats to a destination directory, the tool fails to sanitize the top-level folder name...

7CVSS6.1AI score0.00547EPSS
Exploits0References14
OSV
OSV
added 2024/09/24 8:8 a.m.8 views

USN-7030-1 py7zr vulnerability

It was discovered that py7zr was vulnerable to path traversal attacks. If a user or automated system were tricked into extracting a specially crafted 7z archive, an attacker could possibly use this issue to write arbitrary files outside the target directory on the host...

9.1CVSS5.8AI score0.02242EPSS
Exploits3References2
CNNVD
CNNVD
added 2023/11/03 12:0 a.m.6 views

7-Zip Number Error Vulnerability

7-Zip is a compression software. A numeric error vulnerability exists in 7-Zip version 22.01 and earlier, which stems from allowing integer underflow and code execution via a carefully crafted 7Z archive...

7.8CVSS7.5AI score0.7104EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/07/14 12:56 p.m.4 views

apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive

A flaw was found in apache-commons-compress. When reading a specially crafted 7Z archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for very small inputs. This flaw allows the mounting of a denial of service attack against services that use Compress' Seven...

7.5CVSS7.2AI score0.12697EPSS
Exploits0References7
OSV
OSV
added 2021/08/02 4:55 p.m.4 views

GHSA-7HFM-57QF-J43Q Excessive Iteration in Compress

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package...

7.5CVSS7.1AI score0.11879EPSS
Exploits0References22
OSV
OSV
added 2021/07/31 11:3 a.m.4 views

OESA-2021-1294 p7zip security update

7za for Linux system to archive file as 7z file format Security Fixes: Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service out-of-bounds write or potentially execute arbitrary code via...

7.8CVSS8.4AI score0.07016EPSS
Exploits4References5
CNNVD
CNNVD
added 2021/07/13 12:0 a.m.3 views

Apache Commons Compress 安全漏洞

Apache Commons Compress is a library from the Apache USA Foundation for processing compressed files. A security vulnerability exists in Apache Commons Compress, which stems from the fact that constructing a list of decoders to decompress entries may result in an infinite loop when reading a...

7.5CVSS6.7AI score0.11879EPSS
Exploits0References35
Rows per page
Query Builder